Protecting Systems Using Antiviruses
Module 3
Simplifying Security.
Copyright by EC-Council
3 March 2011, Thursday
Market for Antivirus Becoming Aggressive in North IT Market
The need for protecting valuable data pushing the demand for antivirus products in Northern region.
With explosion in the use of networks and also increased use of internet has definitely created a new [...] able to spread themselves to other computers on the Internet or network causing widespread [...] these problems and to keep up with the accompanying rise of malicious web activity a number of vendors are busy rolling out layers [...], contemplated in the Northern region about how the Antivirus vendors are doing, what is the demand, which segment is booming and what's the future of this technology.
Module Objectives
The Most Dangerous Computer Viruses of All Time
How to Test if Antivirus is Working?
Introduction to Antivirus Software
Choosing the Best Antivirus Software
How Does Antivirus Software Work?
Configuring McAfee Antivirus
Antivirus Software 2011
Configuring Kaspersky PURE
Steps to Install Antivirus on Your Computer
Antivirus Security Checklist
Module Flow
Introduction to Antivirus Software
How Does Antivirus Software Work?
Choosing the Best Antivirus Software
Steps to Install Antivirus
Configuring McAfee Antivirus
Configuring Kaspersky PURE
The Most Dangerous Computer Viruses of All Time
In the past few years, numerous PCs have been infected by computer viruses, and there have been computer viruses that drastically affected global economic growth
The top 10 most destructive computer viruses of all time, according to TechWeb:
CIH (1998)
Estimated Damage: 20 to 80 million dollars worldwide, [...] from Taiwan in June of 1998
Melissa (1999)
Estimated Damage: 300 to 600 million dollars
ILOVEYOU (2000)
Estimated Damage: 10 to 15 billion dollars
Code Red (2001)
Estimated Damage: 2 billion and 600 million dollars (2.6B$)
SQL Slammer (2003)
Estimated Damage: Because SQL Slammer erupted on a Saturday, the damage was low in dollars and cents. However, it hit 500,000 servers worldwide and actually shut down South Korea's online capacity for 12 hours
Blaster (2003)
Estimated Damage: 2 to 10 billion dollars, hundreds of thousands of infected PCs
Sobig.F (2003)
Estimated Damage: 5 to 10 billion dollars, over 1 million PCs infected
Bagle (2004)
Estimated Damage: Tens of millions of dollars and counting
MyDoom (2004)
Estimated Damage: At its peak, slowed global Internet performance by 10 percent and Web load times by up to 50 percent
Sasser (2004)
Estimated Damage: Tens of millions of dollars
Introduction to Antivirus Software
A computer connected to the Internet is always at high risk, and it is always recommended to install antivirus software on the system
A computer virus can degrade the performance of a computer and can delete the stored computer data
An antivirus program protects the computer against viruses, worms, spyware, Trojans, etc.
Need for Antivirus Program
Today, in the digital domain, loads of data are stored on computers, and it has become important to protect that data
When a PC is connected to the Internet, it has to combat different malicious programs such as viruses, worms, Trojans, spyware, and adware
Cybercriminals such as attackers and hackers use these malicious programs as tools to steal important information such as personal data stored on the computer
These programs pose a severe threat to the computer and may destroy its functionality in different ways
Malicious programs pave their way into one's PC through email attachments and spam email, through USB drives, visiting a fraudulent website, etc.
Due to the invasion of malicious programs in cyberspace, antivirus programs have become necessary for computers
If your computer has a good antivirus program installed, then the PC is protected and can combat all types of malicious programs
How Does Antivirus Software Work?
Most commercial antivirus software uses two techniques:
Uses a virus dictionary to look for known viruses while examining files
Detects suspicious behavior from any computer program
Virus Dictionary Approach
While examining the files, the antivirus software refers to the dictionary of known viruses identified by the author of the antivirus software
If a bit of code in the file matches that of any virus in the dictionary, then the antivirus software can either delete the file, repair the file by removing the virus, or quarantine it
Suspicious Behavior Approach
The antivirus software monitors the behavior of all the programs instead of identifying the known viruses
Whenever a program with suspicious behavior is found, the software alerts the user and asks what to do
Other Ways to Detect Viruses
Antivirus software will try to emulate the beginning of each new executable code that is being executed before transferring control to the executable
If the program seems to be a virus or to be using self-modifying code, then it immediately examines the other executable programs
Antivirus Software 2011
Choosing the Best Antivirus Software
When purchasing antivirus software, look for the various features and how they can best serve your needs
The most important things to be considered are:
Antivirus Scanning
Antivirus Detection Accuracy
Check for antivirus software that scans and detects viruses accurately and detects the majority of threats
Scanning Speed
Check whether the antivirus software can perform the task quickly and efficiently
Resource Utilization
Ensure that the antivirus software uses minimal system resources and does not affect system performance when performing a scan
Hacker Blocking
This feature prevents other users from gaining unauthorized access and stealing important data such as passwords and other confidential information
Bidirectional Firewall
Check whether the antivirus software is equipped with a software firewall that scans both incoming and outgoing traffic
Automatic Updates
This feature keeps the user abreast of the latest online threats without the user having to visit the vendor's website to stay up to date
Technical Support
Look for good technical support so that issues are solved easily
Spyware Detection & Prevention
Check for antispyware components to keep spyware at bay
Parental Controls
Check for the parental control feature in the antivirus program that helps children browse the Internet safely
Email Scanning
Email protection can monitor the POP and SMTP ports to ensure that mail does not bring a threat onto your computer
Easy Installation (and Easy to Use)
The antivirus software should be user friendly and easy to use
On-Demand and Scheduled Scanning
This option lets you schedule a scan according to user [...], weekly or monthly
Steps to Install Antivirus on Your Computer
Most antiviruses follow a wizard-driven installation process, and the necessary components are installed in the system by default
Download the antivirus and launch the installation by double-clicking the setup file
Agree to the legal agreement that might appear, click "I agree", and then click "Next" to continue
Review all the settings and click Next until the installation is finished
Once the installation process is finished, restart your computer
How to Test if Antivirus is Working?
Step-by-step procedure to test the antivirus program:
1. Open Notepad, copy the following code into it, and save the file.
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
2. [...]
3. [...] file
4. If the antivirus is functioning properly, it generates a warning and immediately deletes the file
Note: Most antivirus programs will display a warning message in step 1
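
The virus dictionary approach described earlier, applied to the test string from the procedure above, as an added example that is not part of the original module: a minimal signature scanner with a constructed one-entry dictionary that quarantines any file containing a known pattern. The function names, the file names and the ".quarantined" suffix are assumptions made for the illustration.

```python
import shutil
import tempfile
from pathlib import Path

# Constructed one-entry signature dictionary (name -> byte pattern). The test
# string is assembled from two halves so that this source file does not itself
# contain the full pattern.
EICAR = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$" + b"EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
SIGNATURES = {"EICAR-Test-File": EICAR}


def match_signatures(data: bytes) -> list:
    """Dictionary approach: names of every known pattern found in data."""
    return [name for name, pattern in SIGNATURES.items() if pattern in data]


def scan_tree(root: Path, quarantine: Path) -> dict:
    """Scan each file under root and move matches into quarantine.

    Returns {relative path: [signature names]} for the files that matched.
    """
    quarantine.mkdir(parents=True, exist_ok=True)
    findings = {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        if quarantine in path.parents:
            continue  # do not rescan files that are already quarantined
        hits = match_signatures(path.read_bytes())
        if hits:
            findings[path.relative_to(root).as_posix()] = hits
            # Quarantine rather than delete: the file is kept for review but
            # renamed so it is no longer launched by its original extension.
            shutil.move(str(path), str(quarantine / (path.name + ".quarantined")))
    return findings


def demo() -> dict:
    """Build a throwaway tree (constructed sample files) and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "notes.txt").write_bytes(b"Reminder: read the EICAR test file docs\n")
        (root / "eicar_test.com").write_bytes(EICAR)
        findings = scan_tree(root, root / "quarantine")
        remaining = sorted(p.name for p in root.iterdir() if p.is_file())
        quarantined = sorted(p.name for p in (root / "quarantine").iterdir())
        return {"findings": findings, "remaining": remaining, "quarantined": quarantined}


if __name__ == "__main__":
    print(demo())
```
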
Configuring McAfee Antivirus
On the Main Security Center Console → click Real-Time Scanning → select Scan your PC
After selecting the Scan your PC option → select any one of the three available scan types (Run a quick scan, Run a full scan, or Run a custom scan)
On the Main Security Center Console → click Real-Time Scanning → select Schedule Scan Settings and decide how often you want to scan → click Apply
After selecting the Schedule Scan Settings option → Real-Time Scanning Settings → select the file types, attachments, and locations that you want the antivirus to automatically scan and protect the computer from threats → click Apply
Configuring Kaspersky PURE
After successfully installing Kaspersky PURE, follow the steps to configure Kaspersky PURE
Step 1: Activate the application
For Kaspersky PURE to be fully functional, it needs to be activated
You can:
Activate Commercial License with the purchased activation code
Activate Trial Version for the trial period of 30 days and get acquainted with the possibilities of the program
Activate Later: if you select Activate later, the stage of Kaspersky PURE [...] will be installed on your computer, but you will be able to update the application only once after its installation.
To continue the activation process, click Next
After the license is activated, click Next to proceed with the configuration
Step 2: System analysis
The Installation Wizard analyzes the system information and creates rules for trusted applications that are included in the Windows operating [...] completed.
Step 3: Completing installation
When the installation is complete, the Kaspersky PURE Configuration Wizard will prompt with the message "The installation is complete":
Make sure the box Start Kaspersky PURE is checked if you want to run the application immediately after the Configuration Wizard is closed
Clear the box Start Kaspersky PURE if you want to run the program later
In order to close the Configuration Wizard, click the Finish button
Configuring Kaspersky PURE: Backup and Restore
After configuring the Kaspersky PURE antivirus, launch the application and the program is ready for use
To configure Backup, click Backup and Restore
In Backup and Restore, click Create a backup task
Select the location of the files and click Next → select the desired drive to store the backup files → click Next
Specify a password to protect your data from unauthorized access and click Next
Configure storing different versions of files and click Next → click Finish
Configuring Kaspersky PURE: Computer Protection
Computer Protection components protect your computer against various threats, scan all system objects for viruses and vulnerabilities, and regularly update Kaspersky PURE antivirus databases and program modules
Configuring Kaspersky PURE: Parental Control
To protect children and teenagers from threats related to computer and Internet usage, you should configure Parental Control settings for all users
If you have not enabled password protection when installing the application, at the first startup of Parental Control it is recommended that you set a password to protect against unauthorized modification of the Control settings
Now, you can enable Parental Control and impose restrictions on computer and Internet usage, and on instant messaging, for all accounts on the computer
Kaspersky PURE: Administrative Tools
Using the Administrative tools, a user can configure the operating system and eliminate system vulnerabilities to provide reliable data protection
A user can:
1. Tune browser settings
2. Search for problems related to malware activity using the Microsoft Windows Settings Troubleshooting option
3. Permanently delete data
4. Delete some unused data
5. Create a Rescue Disk to clean the system after a virus attack
6. Erase user activity to protect privacy
Module Summary
An antivirus program protects a computer against viruses, worms, spyware, and Trojans
A computer connected to the Internet is always at high risk, and it is recommended to have antivirus software installed on the system
Most commercial antivirus software uses two techniques:
Uses a virus dictionary to look for known viruses while examining files
Detects suspicious behavior from any computer program
In the virus dictionary approach, while examining the files, the antivirus software refers to the dictionary of known viruses identified by the software author
Whenever a program with suspicious behavior is found, the antivirus software alerts the user and asks what to do
Antivirus Security Checklist
Do not use multiple antivirus programs on your computer simultaneously
Update antivirus software to get maximum efficiency
Always visit the vendor's website to download the patches
Enable real-time scanning
Always perform link and email scanning
Enable firewall
Always schedule scanning